18-year-old Luca Todesco has uncovered two zero-day vulnerabilities in OS X that could be exploited to remotely gain access to a computer, reports PC World.
Todesco’s exploit uses two bugs to corrupt memory in the OS X kernel. That corruption can be used to circumvent built-in safeguards against intrusions and grant the attacker access to a root shell.
His exploit code works on OS X versions 10.9.5 through 10.10.5. However, Apple has already fixed the issue in El Capitan 10.11, which is currently in beta.
Todesco posted details of his findings, along with a patch for them, on GitHub. He said that he’d notified Apple of the issues a few hours before publishing them.
If you’re running any of the affected versions of OS X, you’d do well to consider Todesco’s patch; bear in mind that it’s an unofficial fix, so use it at your own risk.
We’ve contacted Apple and will update this post if we hear back.